Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
subsonic vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-9414
Cross-site request forgery (CSRF) vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote malicious users to hijack the authentication of unspecified victims for requests that conduct cross-site scripting (XSS) attacks or possibly have unspecified other ...
Subsonic Subsonic 6.1.1
1 EDB exploit
6.5
CVSSv3
CVE-2018-6014
Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash cross-domain policy that allows an malicious user to retrieve sensitive user information via a read request. To exploit this issue, an attacker must convince the user to visit a web site loaded with a SW...
Subsonic Subsonic 6.1.3
8.8
CVSSv3
CVE-2017-9413
Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote malicious users to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Int...
Subsonic Subsonic 6.1.1
1 EDB exploit
7.5
CVSSv3
CVE-2017-9415
Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view.
Subsonic Subsonic 6.1.1
1 EDB exploit
7.4
CVSSv3
CVE-2017-9355
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote malicious users to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.
Subsonic Subsonic 6.1.1
1 EDB exploit
NA
CVE-2008-2391
SubSonic allows remote malicious users to bypass pagesize limits and cause a denial of service (CPU consumption) via a pageindex (aka data page number) of -1.
Codeplex Subsonic
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2